[maemo-developers] Repositories mess: conclusions and actions
From: Tim Teulings rael at edge.ping.deDate: Thu Oct 25 21:25:04 EEST 2007
- Previous message: Repositories mess: conclusions and actions
- Next message: Repositories mess: conclusions and actions
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello! IMHO this discussion is important, but needs some kick to start discussing real concrete solutions in more detail and to agree on suggested behavior. I would suggest to continue discussing but in the end of each of you mails define short statements, that summarize your idea and ideally are a "patch" to this or a similar list (especially my conclusion could be more concrete and shorter :-)) and especially agree or disagree explicitly on points already suggested to get a common opinion. So I try to summarize and extract the key points already mentioned. Problem ======= - Nokia: There are many applications that would increase the wealth of our product, but me must guaranty + Quality (Quality) + Ease of use (Simplicity) - Nokia: We want to centralize the development to just make things easier", "simpler" and add service - without compromising the open source idea. (Simplicity, centric) - Nokia: We want to multiply by delegating task to the community (Scalability) - Nokia: We must keep security in mind - nobody must be able to inject bad packages etc... (Security, Control) - Nokia: We want to attract new developers and give them a guided testing bed (Iterative) - User: There are a huge number of applications. Most of the applications would promote the devices and the platform, but it is difficult to + find the application (Locate) + judge, if the application has "quality" (Quality) - Developer: Developers have problems to promote their software (Promote) - Developer: It is difficult to assure that the application is installing and running well on all devices (Quality assurance) - Developer: There are multiple platforms and I need to do building for them all manually (Build management). - Developer: Not every developer is similar. The process must support + Garage + External projects but local packaging + External projects (Flexible) Claims ====== This results in solving problems that can be described by the following key points (I admit that these are very common problems when working in the software development process ;-)): We need a process that... - Defines Quality - Assures Quality - Is simple - Is somewhat centric - Is scalable - Assures security and control over the process - Is iterative for developers - Helps user finding a application - Helps promoting software - Eases building packages - Must be flexible regarding package sources Comments ======== So some comments on some of the key topics. Quality: Quim quoted http://maemo.org/development/documentation/how-tos/4-x/quality_awareness.html but this is only a start. But Quim itself admits that there already software that is promoted while not fulfilling all criteria (and this is IMHO the right thing). So we need a better definition on quality like: * Number of users installed must be significant. * Number of bugs (=> Debian) * Rating (as a soft criteria that signals requirement for further investigation). (=> Application Catalog) There is also the question about who decides the quality? The process (=> Debian)? The user itself based on some numbers? Nokia? To assure quality the process must react very quickly (more quickly like in Debian staging repositories). Simple: Simple for me means that it must be automatic. Things like auto building, evaluation of open tickets and application catalog integration are IMHO a must. Centric: * Means that there is one official repository (which may be split into stable, testing..), one application catalog, one ticketing system. There is no way around this if we want to guarantee security and quality at the same time. Scalable: => Automation and having a => group of people. At least part of the team should by non-Nokia "people". Security and control: So we need signing, secure process injection protocols and a clearly defined process. I thing Debian has a number of additional mechanism that could detect problems with Copyright and similar by scanning packages and differences between package versions etc... Iterative: We need staging repositories and a rating system that has more states than "good". Finding Applications: We have the application catalog which might need improvement but I see no other solution. Promotion: We could automatically generate high scores from the download numbers from the catalog and also from the rating. Promotion should be part of the catalog (and the home page). There is already something like that there but could of course bee improved. Eases building/Flexible: Tools, examples and Autobuilder/autoinstaller. fetching external repositories is IMHO no go, because of the security reasons mentioned by Nokia. Having an external project page myself, I see the problems but also see the problems supporting me. IMHO garage should be able to delegate parts of a project (web page, source repository) to external (trusted) resources. Building however cannot be externalized, so I still have to drop complete source packages into the process. Conclusion ========== For me this results in: * Definition of the meaning quality in a community that consists of Nokia and the open source community. * Implementing a Debian-like approach using autobuilder, staging repositories, possibly initial manual scanning of new packages (not package revisions), a central bug tracking system and a community consisting of Nokia and community people. The difference would be: * Much better integration of the application catalog and thus much better promotion features. Feedback from the catalog back into the quality system (Like "Create a bug for this application"-Links). * Possibly much faster reaction on package problems (packages with major bugs will be kicked from "stable") and thus modified rules how a package walks through the staging repositories. * Quality is not only defined based on bug tracking and license policy. Infrastructure: * Since Nokia holds most of the infrastructure I fear Nokia has the burden to supply the technical infrastructure while the community will support the daily work, the rating and the quality assurance. OK, this mail got longer than expected. Hope this helps. P.S.: Please do not go crazy on certain formulations. I know that there is Ubuntu and fedora etc.. besides debian... ;-) -- Gruß... Tim
- Previous message: Repositories mess: conclusions and actions
- Next message: Repositories mess: conclusions and actions
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]